Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

VoIP – vulnerabilities and attacks

17,817 views

Published on

null Mumbai July-August 2012 Meet

Published in: Education, Technology, Business
  • DOWNLOAD THIS BOOKS INTO AVAILABLE FORMAT (Unlimited) ......................................................................................................................... ......................................................................................................................... Download Full PDF EBOOK here { https://tinyurl.com/y6a5rkg5 } ......................................................................................................................... Download Full EPUB Ebook here { https://tinyurl.com/y6a5rkg5 } ......................................................................................................................... ACCESS WEBSITE for All Ebooks ......................................................................................................................... Download Full PDF EBOOK here { https://tinyurl.com/y6a5rkg5 } ......................................................................................................................... Download EPUB Ebook here { https://tinyurl.com/y6a5rkg5 } ......................................................................................................................... Download doc Ebook here { https://tinyurl.com/y6a5rkg5 } ......................................................................................................................... ......................................................................................................................... ......................................................................................................................... .............. Browse by Genre Available eBooks ......................................................................................................................... Art, Biography, Business, Chick Lit, Children's, Christian, Classics, Comics, Contemporary, Cookbooks, Crime, Ebooks, Fantasy, Fiction, Graphic Novels, Historical Fiction, History, Horror, Humor And Comedy, Manga, Memoir, Music, Mystery, Non Fiction, Paranormal, Philosophy, Poetry, Psychology, Religion, Romance, Science, Science Fiction, Self Help, Suspense, Spirituality, Sports, Thriller, Travel, Young Adult,
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here

VoIP – vulnerabilities and attacks

  1. 1. VoIP – Vulnerabilities and Attacks Presented by - push
  2. 2. Agenda • Introduction to VoIP – VoIP Architecture – VoIP Components – VoIP Protocols • A PenTester Perspective – Attack Vectors – Scanning – Attacks – Tools of Trade – Countermeasures and Securityhttp://null.co.in/ http://nullcon.net/
  3. 3. Remember Something?http://null.co.in/ http://nullcon.net/
  4. 4. VoIP • IP Telephony • Voice over Internet Protocol • Subset of IP Telephony • Transmission of “Voice” over Packet-Switched Network. • Is it only Voice??? – Data, Audio, Videohttp://null.co.in/ http://nullcon.net/
  5. 5. VoIP • Voice Analog Signals are converted to digital bits - “Sampled” and transmitted in packets Analog Voice Signals 101010101010 1101101101 Analog Voice 1010101010101101101 101010101010110110 Signals 101 1101 101010101010 1101101101 Internet 1010101010101101101 101010101010110110 101 1101http://null.co.in/ http://nullcon.net/
  6. 6. VoIP Architecture Ordinary Phone  ATA  Ethernet  Router  Internethttp://null.co.in/ http://nullcon.net/
  7. 7. VoIP Architecture IP Phone  Ethernet  IP-PBX  Router  Internet Internet IP Phone IP - PBX Modem / Routerhttp://null.co.in/ http://nullcon.net/
  8. 8. VoIP Architecture Softphone Phone  Ethernet  Router  Internet Internethttp://null.co.in/ http://nullcon.net/
  9. 9. VoIP Architecturehttp://null.co.in/ http://nullcon.net/
  10. 10. VoIP Components • User Agents (devices) • Redirect Servers • Media gateways • Registrar Servers • Signaling gateways • Location Servers • Network management system • Gatekeepers • Billing systems • Proxy Servers GW  Gateway MG  Media Gateway GK  Gatekeeper MGC  Media Gateway Controller NMS  Network Management System IVR  Interactive Voice Responsehttp://null.co.in/ http://nullcon.net/
  11. 11. VoIP Protocols • Vendor Proprietary • Signaling Protocols • Media Protocolshttp://null.co.in/ http://nullcon.net/
  12. 12. VoIP ProtocolsSIP Session Initiation Protocol SAP  Session Announcement ProtocolSGCP  Simple Gateway Control Protocol MIME  Multipurpose Internet MailIPDC  Internet Protocol device Control Extensions – Set of StandardsRTP  Real Time Transmission Protocol IAX  Inter-Asterisk eXchangeSRTP  Secure Real Time Transmission Protocol Megaco H.248  Gateway Control ProtocolRTCP  RTP Control Protocol RVP over IP  Remote Voice Protocol over IPSRTCP  Secure RTP Control Protocol RTSP  Real Time Streaming ProtocolMGCP  Media Gateway Control Protocol SCCP  Skinny Client Control Protocol (Cisco).SDP  Session Description Protocol UNISTIM  Unified Network Stimulus (Nortel).http://null.co.in/ http://nullcon.net/
  13. 13. VoIP Protocols - SIPhttp://null.co.in/ http://nullcon.net/
  14. 14. VoIP Protocols – H.323http://null.co.in/ http://nullcon.net/
  15. 15. A PenTester Perspectivehttp://null.co.in/ http://nullcon.net/
  16. 16. VoIP – Attack Vectors • Vulnerabilities of Both Data and Telephone Network • CIA Triadhttp://null.co.in/ http://nullcon.net/
  17. 17. VoIP - Scanning • Scanning a network for VoIP enabled systems / devices. • Tools for Scanning and Enumeration : – Nmap  port scanner – Smap  sip scanner. Finds SIP Enabled Servers – Svmap  sip scanner – Svwar  sip extension enumerator – Iwar VoIP Enabled modem Dialer – Metasploit Modules : • H.323 version scanner • SIP enumerator  SIP Username enumerator(UDP) • SIP enumerator_tcp  SIP Username Enumerator(TCP) • Options  SIP scanner(TCP) • Options_tcp  SIP scanner(UDP)http://null.co.in/ http://nullcon.net/
  18. 18. VoIP – Scanning Demo • Nmap scanhttp://null.co.in/ http://nullcon.net/
  19. 19. VoIP – Common Ports Protocol TCP Port UDP Port SIP 5060 5060 SIP-TLS 5061 5061 IAX2 - 4569 http – web based 80 / 8080 - management console tftp - 69 RTP - 5004 RTCP - 5005 IAX1 - 5036 SCCP 2000 SCCPS 2443 H.323 1720http://null.co.in/ http://nullcon.net/
  20. 20. VoIP – Scanning Demo • Smap • svmaphttp://null.co.in/ http://nullcon.net/
  21. 21. VoIP – Scanning Demo • Metasploit Scannerhttp://null.co.in/ http://nullcon.net/
  22. 22. VoIP - Attacks • Identity Spoofing • Conversation Eavesdropping / Sniffing • Password Cracking • Man-In-The-Middle • SIP-Bye DoS • SIP Bombing • RTP Insertion Attacks • Web Based Management Console Hacks • Fuzzing • Default Passwordshttp://null.co.in/ http://nullcon.net/
  23. 23. VoIP – Attacks Demo • Identity – Caller ID Spoofing – Tools Used : • Metasploit- SIP_INVITE_Spoof • VoIP Fuzzer – Protos -Siphttp://null.co.in/ http://nullcon.net/
  24. 24. VoIP – Attacks Demo • Conversation Eavesdropping – Tools used : • Cain & Abel • Ettercap • Arpspoof • Wiresharkhttp://null.co.in/ http://nullcon.net/
  25. 25. VoIP – Attacks Demo • Man-In-The-Middle – Tools Used : • Wireshark • Arpspoof / ettercap • RTPInject • RTPmixsoundhttp://null.co.in/ http://nullcon.net/
  26. 26. VoIP – Attacks Demo • Password Cracking – Tools Used : • SIPDump • SIPCrack • svcrackhttp://null.co.in/ http://nullcon.net/
  27. 27. VoIP - Attacks Some Default Passwords for VoIP Devices and Consoles: Device / Console Username Password Uniden UIP1868P VoIP - admin phone Web Interface Hitachi IP5000 VOIP WIFI - 0000 Phone 1.5.6 Vonage VoIP Telephone user user Adapter Grandstream Phones - Web Administrator /admin admin Adimistrator Interface user user •Asterisk Manager User Accounts are configured in /etc/asterisk/manager.confhttp://null.co.in/ http://nullcon.net/
  28. 28. VoIP – Audit & PenTest Tools • UCSniff • MetaSploit Modules : – Auxillary Modules • VoIPHopper • SIP enumerator  SIP Username enumerator • SIP enumerator_tcp  SIP USERNAME • Vomit Enumerator • VoIPong • Options  SIP scanner • Options_tcp  SIP scanner • IAX Flood • Asterisk_login  Asterisk Manager Login Utility – Exploits • InviteFlood • Aol_icq_downloadagent  AOL ICQ Arbitary File Downlowd • RTPFlood • Aim_triton_cseq AIM triton 1.0.4 CSeq Buffer Overflow • IAXFlood • Sipxezphone_cseq sipxezphone 0.35a Cseq Filed Overflow • BYE-TearDown • Sipxphone_cseq  sipxPhone 2.6.0.27 Cseq Buffer Overflowhttp://null.co.in/ http://nullcon.net/
  29. 29. Countermeasures & Security • Separate Infrasrtucture • Do not integrate Data and VoIP Networks • VoIP-aware Firewalls, • Secure Protocols like SRTP, • Session Encryption using SIP/TLS, SCCP/TLS • Harden Network Security – IDS – IPS - NIPShttp://null.co.in/ http://nullcon.net/
  30. 30. Thank You See you all @ nullcon - Delhihttp://null.co.in/ http://nullcon.net/

×